Internet users generate large amounts of content, such as images, video and audio files. Users can share selected files by sending messages to friends, or by posting to known web sites, such as social networks, image or video galleries.
However, the amount of the content generated by many users is too large for distribution through these channels. Uploading all this content to the online storage servers is often costly or impractical. For instance, security videos generated by web cameras could consume large amount of storage, with only small portions of these videos being used for detailed reviews. Large collections of personal images may have relatively few pictures repeatedly viewed at high resolution, etc. Another problem with uploading the content to the online storage is a potential breach of privacy and disclosure of sensitive content.
These problems could be resolved if user-generated content, stored on a personal computer, is made available for remote access by installing a local web server addressable by a public domain name. However, many personal computers are located behind the routers that use Network Address Translation (NAT). Such routers usually don't allow external access to their local networks; custom configuration changes to relax these restrictions, such as port forwarding, may decrease security of computers on the local network, exposing them to outside threats such as denial of service attacks, extensive port scanning and exploits of known vulnerabilities.
It is possible to bypass router restrictions on external access without custom configuration changes, by establishing communication channel with an intermediary server capable of supporting reverse connections. After initial connection is established between the personal computer and the intermediary server, that server can forward request from remote client through a reverse connection to the personal computer and forward the response from the personal content server back to the remote client. One such implementation was done by the Opera Software ASA corporation under the name Opera Unite™. This implementation enables remote client to view user's content without installing additional software: any standard web browser can open the web page served by the personal HTTP server through the reverse connection.
One of the problems of such implementation is unsecure data exchange between personal computer and remote client. Even if channel used for reverse communications is encrypted (for instance, a reverse SSH tunnel), this encryption doesn't protect the traffic between the content consumer and an intermediary server. Unauthorized third party can observe or modify that traffic, or even pose as content provider by redirecting DNS requests to its own IP address and responding to requested links.
End-to-end data security (for instance, by using HTTPS protocol between the personal content server and remote client) would require storing private SSL certificates on personal computers, which could be costly and hard to protect from unauthorized disclosure.
Therefore, there is a need to enable secure sharing of user's content with remote clients without first uploading it to remote servers, performing unsecure modifications of router configurations or requiring remote clients to install additional software.